On Sun, 2014-05-25 at 11:37 +0800, anc...@gmail.com wrote:
> Thank you for your info.
> 
> I do apt to conclude this as a "false positive", but clamav-0.98.1 does not 
> yield "high threat" warnings under the same scan conditions :

And you back-rev'd and installed 0.98.1 and rescanned. I'm wondering if
the scanner updated its rules or signatures or plugin used to detect.

Sometimes they get a bit overzealous in changes and step over the
line... especially with CVSS of 7 or higher. It is worth looking to to
figure out when the plugin was updated.

> > NVT:    SMTP antivirus scanner DoS
> > OID:    1.3.6.1.4.1.25623.1.0.11036
> > Threat: Log (CVSS: 7.2)
> > Port:   smtp (25/tcp)
> >         submission (587/tcp)
> >
> > For some reason, we could not send the 42.zip file to this MTA
> >
> > Vulnerability Detection Method:
> > Details:
> > SMTP antivirus scanner DoS
> > (OID: 1.3.6.1.4.1.25623.1.0.11036)
> 
> I wish some expert can account for this difference before the "false 
> positive" conclusion.
> 

-- 
greg folkert - systems administration and support
web:    donor.com
email:  g...@donor.com
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"There is always the need to carry on."
    -- Marjory Stoneman Douglas

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Reply via email to